RAJU M.R

Cybersecurity Manager
Chennai

Summary

A seasoned IT professional with over 14 years of experience in the Information Security domain, currently serving as a Cybersecurity Manager. Proven expertise in vulnerability assessment and penetration testing across network and web applications using both automated tools and manual techniques. Adept at leading security initiatives, collaborating across teams, and driving improvements in security posture. Demonstrates strong independent problem-solving skills and thrives in dynamic, professional environments.

Overview

15 years of professional experience
3 Certifications
1 Language

Work History

Cybersecurity Manager

Caterpillar Inc
02.2022 - Current

Roles and Responsibilities:

  • Led the security assessment of cloud-hosted applications and infrastructure.
  • Conducted threat modeling and risk assessments for new digital initiatives.
  • Performed vulnerability scans and penetration testing on internal and external assets.
  • Collaborated with DevOps teams to integrate security into CI/CD pipelines.
  • Delivered security awareness training and best practices to development teams.
  • Authored detailed security assessment reports and remediation plans.

Senior Associate

Cognizant Technologies Solutions
02.2019 - 01.2022
  • Led a team responsible for conducting automated and manual tests of information systems, including internal and external network penetration testing, vulnerability scans, threat modeling, information system architecture assessments and Web application testing.
  • Performed Threat Modelling, Dynamic Application Security Testing, Source Code Review, API testing for the Client Native Mobile Application.
  • Performed Architecture Review for the Client Infrastructure.
  • Threat modelling of the project by getting involved before development and improving security at the initial phase.
  • STRIDE assessment of the applications during the design phase, identifying the threats possible and providing security requirements.
  • Experience in Static Analysis of mobile platform (Android).
  • Experience in Static Analysis of JavaScript.
  • Performed DAST for the applications using the open source tool Burp Suite and scans using IBM AppScan Standard.
  • Performed Code Analysis/Review to validate the vulnerabilities that are identified by Checkmarx.
  • Identified vulnerabilities in both SAST and DAST and recommended proper remediation to ensure the overall level of security posture of the application.
  • Recommend Fix for the identified Vulnerabilities.
  • Performed Manual DB assessment for the MS SQL server CIA benchmarks.
  • Identified Security Misconfigurations and Vulnerabilities against the CIA benchmarks and recommended proper remediation to ensure the overall level of security posture of the SQL DB server.
  • Performed network scans of various ports of MS SQL Server using Nmap and prepared a report on the identified vulnerable ports.
  • Team Members: 12

Technology Analyst

Infosys
04.2014 - 01.2019
  • As a part of the Infosys Unified Vulnerability Management team, I am focused on DAST (Dynamic Application Security Testing) & SAST (Static Application Security Testing).
  • Design and execute Application Security Testing projects, Penetration Testing (Black Box, Grey Box), Vulnerability Assessment, and Network Assessment on critical infrastructure.
  • Perform manual as well as automated pen tests using various open source as well as commercial tools.
  • Identify and eliminate the False Positives.
  • Team Members: 12

IT Security Analyst

Lobo Staffing Solutions Private Limited
05.2013 - 04.2014
  • Conduct Security Reviews of new projects/services, which include Infrastructure, Web Application, Database, etc.
  • Conduct Vulnerability assessment, Penetration testing for various projects and RFCs.
  • Get in touch with the user/requester to understand the requirement and participate in conference calls with user and technical teams.
  • Risk Assessment report preparation as per ISO 27001.
  • Recommending security controls to mitigate the risks.
  • Provide support for Technical risk assessment and mitigation
  • Perform network attack and penetration testing
  • Perform internal and external vulnerability assessments
  • Perform web application penetration testing (Black box, Grey box and White box)
  • Use of various methodologies used in Attack & Penetration testing.
  • Experience in information security risk assessments and gap analysis.
  • A solid understanding of network penetration techniques, tools, and methodologies
  • Broad expertise with multiple operating systems such as Linux and Windows, and network services (HTTP, Databases, etc.) and their inherent security issues
  • Conducting Hands-On Web application penetration tests
  • Ability to utilize common penetration testing tools: Metasploit, Nessus, Nmap, AppScan, Burp Suite, App Detective Pro, and Qualys
  • Experience in network penetration testing methods and writing testing assessment reports.
  • Client: Tata Communications Limited
  • Team Members: 6

Network Security Engineer

SAIS Information Technology Pvt Ltd
06.2010 - 05.2013
  • Perform gap analysis of network infrastructure as well as on-going vulnerability assessments to continuously mitigate risk, providing technical leadership during all audits, communicating all issues and user feedback to members of product development teams and vendor representatives.
  • Performing vulnerability assessment using Nessus, GFI LanGuard, Saint, Nexpose and OpenVAS.
  • Performing Penetration Test using open source tools and Commercial tools (Backtrack 4R3, Nmap, Metasploit, Firewalk etc.)
  • Performing Web Application Security testing – OWASP Top 10 and SANS Top 25 based Security Testing
  • Preparing Reports of Vulnerability Assessment and Penetration Testing about Vulnerabilities and recommendation.
  • Perform audit tracking, network assessing and reporting about vulnerabilities.
  • Firewall and Router auditing and Review.
  • Server and Client OS Hardening.
  • Network Analysis & Troubleshooting.
  • Deployment of Antivirus in Servers & Clients.
  • Installation & Configuration of Various Software Packages.
  • Planning, coordinating and implementing security policy for enterprise setup.
  • Preparing the checklist and the documents as per the company policy.
  • Regular Patch Management of all server and client Operating Systems to ensure they are not vulnerable to known attacks.
  • Data Leakage Prevention Software Administrator, Client Servicing, Customer Support.
  • Effectively plan, install, configure, maintain, optimize and troubleshoot Windows 2000 & 2003-based network Infrastructure.
  • Active Directory Management and monitoring.
  • Hands on experience in Configuring TCP/IP, DHCP, DNS, VPN, and NAT.
  • Implementation and maintenance of Group policies purely in Windows 2003 environment.
  • Managing User Accounts, File System, Password policies, Network Printing for client systems and end users.
  • Implementing Patch Management and Antivirus for the server and client systems.
  • Investigated user problems, determined possible solutions, overall software, application development, installation and upgrades.
  • Maintain a strong working knowledge of all software, hardware, applications, and other critical tools, including enterprise security trends, potential threats, general industry developments, and other technical considerations.
  • Provide relevant oversight and guidance to engineers, technical service staff, client IT personnel, and other parties to facilitate efficient information flow and address any/all security and operational concerns.
  • Use automated and manual code review techniques to identify application security vulnerabilities.
  • Have a good to excellent understanding of one or more OS platforms (Windows experience is a plus, though we understand that you might prefer to run Linux or OSX).
  • Basic to excellent understanding of web application platforms.
  • Leverage automated analysis techniques for efficient delivery of focused and comprehensive test formats.
  • Team Members: 6

Education

Bachelors in Engineering - Electronics and Instrumentation

R.M.K
06-2010

Skills

  • Application security: IBM Rational AppScan, Burp Suite, Acunetix, HP WebInspect, Netsparker, w3af framework, Checkmarx
  • Vulnerability Assessment Tools: Nessus, NeXpose, Wapiti, Nikto, Saint, Qualys
  • Network Security Scanners: Wireshark, Nmap, Metasploit, OpenVAS

Certification

CISM-Certified Information Systems Manager

Training

  • Attended 3 months training in CCNA.
  • Attended 3 months training in Red Hat Linux.

Disclaimer

Father's Name: M.Rajaram 

Date of Birth: 1989-05-15 

Sex: Male. 

Contact Address: No- 7/8 Flat-No-2, Prasad Apartments, 2nd cross street, V.P colony, Aynavaram, Chennai – 600 023


I hereby declare that the information provided above is true, complete and correct to the best of my knowledge and belief.

Date: 

Place: Chennai

Timeline

CISM-Certified Information Systems Manager

01-2025

ISO/IEC 27001:2022

03-2024

Cybersecurity Manager

Caterpillar Inc
02.2022 - Current

Senior Associate

Cognizant Technologies Solutions
02.2019 - 01.2022

Technology Analyst

Infosys
04.2014 - 01.2019

IT Security Analyst

Lobo Staffing Solutions Private Limited
05.2013 - 04.2014

CEH-Certified Ethical Hacking

08-2010

Network Security Engineer

SAIS Information Technology Pvt Ltd
06.2010 - 05.2013

Bachelors in Engineering - Electronics and Instrumentation

R.M.K